EIP-2026-112637

PRE-CVE

The Pacer Edition CMS 2.1 - 'email' Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112637. PoCs published by LiquidWorm.

AI-analyzed exploit summary This is a functional proof-of-concept for a stored XSS vulnerability in Pacer Edition CMS RC 2.1. The exploit crafts a malicious POST request to the password recovery endpoint, injecting JavaScript via the 'email' parameter that triggers when the victim interacts with the page.

Description

The Pacer Edition CMS 2.1 - 'email' Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by LiquidWorm · htmlwebappsphp

https://www.exploit-db.com/exploits/35837

View Code ZIP pw:eip

This is a functional proof-of-concept for a stored XSS vulnerability in Pacer Edition CMS RC 2.1. The exploit crafts a malicious POST request to the password recovery endpoint, injecting JavaScript via the 'email' parameter that triggers when the victim interacts with the page.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Pacer Edition CMS RC 2.1

No auth needed

Prerequisites: Victim must visit the crafted HTML page or click the malicious link · Target application must be vulnerable (Pacer Edition CMS RC 2.1)

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026